Okena's existing StormWatch intrusion-prevention product deploys agents on a network to monitor policy-violating behavior. A new Okena product called StormFront uses the same agents to identify the applications and processes running on a network.

'The signature-based environment sometimes raises more questions than it answers,' Spernow said. 'Do I ignore something or spend a day and a half tracking it down?'

His staff is beta testing StormTrack, and 'my techies really like it,' he said. They can identify anomalies once they know what applications and processes are actually running on each box and port.

Not dead yet

What they find often comes as a surprise. 'A lot of the time we find it's from an application that has been deleted but the process has never been killed,' Spernow said.

Hercules from Citadel Security Software Inc. of Dallas has no assessment or scanning capabilities, but it imports scans from third-party products and gives the administrator a fix for the vulnerabilities found.

Administrators are touchy about tools that automatically change or install software, so Hercules does nothing until the administrator authorizes a suggested fix. The company claimed that Hercules reduces the time needed to review and fix a vulnerability from hours to minutes.

GuardedNet Inc. of Atlanta also uses information from third-party products. Its neuSecure software imports data from security devices to centralize event management. Chief executive officer Tom McNeight said the company is targeting the federal market.

'Everybody has made significant investment in device-level infrastructure' without a way to manage it effectively, he said.

NeuSecure consists of an event aggregation module that gathers and normalizes data from firewalls, intrusion-detection systems, routers, operating systems and applications. The module passes all the data to a central management system for correlation.

McNeight said there is no effective limit to the number of devices for the aggregation module or to the number of modules that can feed a central management system. NeuSecure is part of three federal pilots, he said.